BLS Multi-Signatures With Public-Key AggregationAuthors: D. Boneh, M. Drijvers, and G. Neven
This short note describes a simple approach for aggregating many BLS signatures on a common message, so that verifying the short multi-signature is fast. Moreover, the system supports public key aggregation, where the verification algorithm only uses a short aggregated public key. The original public keys are not needed for verifying the multi-signature. An important property of the construction is that the scheme is secure against a rogue public-key attack without requiring users to prove knowledge of their secret keys (this is sometimes called the plain public-key model). The construction builds upon the work of Bellare and Neven, and the recent work of Maxwell, Poelstra, Seurin, and Wuille.
Full paper: html
Related papers: The full version of this work titled Multi-signature schemes for Bitcoin is currently under review.